Use linux as FTP server (2)


Third, configure FTP
FTP configuration files are six: /etc/ftpusers; /etc/ftpgroups; /etc/ftphosts; /etc/ftpaccess; /etc/Xferlog; /etc/ftpconversions. The following is a detailed introduction to these documents.

1. /etc/ftpusers
This file is a list, each line specifies a special user, the default is 14 lines. Users listed in this file will be blocked from accessing the FTP server. The reason is that the special permissions these users have will threaten the security of the FTP server.

2. /etc/ftpgroups
In this file you can specify a group whose members are pre-defined to access the FTP server. The format of the file is generally: #test : ENCRYPTED PASSWORD HERE : archive
Access Group Name: Encrypted Password: The corresponding group name of the access group name in /etc/groups
The encryption program used here is CRYPT.

3. /etc/ftpaccess
The /etc/ftpaccess file is the main configuration file that controls which users can access the server. Each line in the file defines an attribute or defines the value of the attribute. The following is a description of the commands commonly used in the file.

(1) class
class [ ... ...]
Used to define a class of users who can access the FTP server. Where classname is the defined class name, typelist is the type of user that is allowed to enter this class, and addrglob is the range of IP addresses that are allowed to enter this class. The typelist is a comma-separated list. There are three possible values: anonymous, guest, and real. They are anonymous only to access public files on the server, guest is the guest account, and real is on the FTP server. User of their own account. If Addrglob is *, it represents all sites.

(2) deny
This command can decide whether to provide services to them based on the host name or IP address. The format is:
where addrglob represents the address of the service being denied, and message_file specifies a file that will be displayed to the host when a host is denied service.
This command can also determine whether to provide services based on the host name through DNS reverse resolution, use! Nameserved as the content of addrglob.

(3) loginfails
This command is used to determine how many registration attempts the client will make. The default is 5.

(4) email
This command is used to specify an administrator's E-mail address. By default, it is root@localhost.

(5) message
This command determines what message is sent to the user when the user enters the system or a specific directory. The format is as follows:
message { ... ...}
where path is the path name, when is the condition for displaying the message, there can be two values, one is LOGIN (the user displays the specified message as soon as the registration is successful), One is CWD=< dir> (displays the specified message when the user enters < dir>). Class is the class to which this command applies. This item is optional.
This command can be reused.

(6) readme
This command specifies a condition under which the user is notified that a specified file in the current directory has been last changed. The format is:
readme { }
The meaning of each item is similar to the message command. When the user is an anonymous user, the file must be checked against the user's FTP directory.

(7) log transfers
This command records all file transfers of the user. The format is:
log transfers
where typelist is a list (anonymous, guest, or real) that specifies which users will be logged, and directions is a list of which transports will be recorded. The results of the record are stored in the /var/log/xferlog file.

(8) compress
Compress is a tool provided in the FTP server that allows the server to compress or decompress files. The format is:
where the value of switch (yes or no) determines whether this feature is turned on, and classglob specifies the class to which this compression option applies.

(9) tar
This command is used to notify the server whether to open the file for the user. The format is as follows:
The meaning of each item is similar to that of compress.
Note: The above two features are controlled by the /etc/ftpconversions file, see the /etc/ftpconversions file.

(10) shutdown
This command causes the server to periodically check a specified file to determine if the server is closed. The specified file should be readable by root. The format is:
* Attached: The specified file format is
< day>
where year must be after 1970; month is 0 to 11 for January to December ;day is from 0 to 30; hour is from 0 to 23; minute is from 0 to 59; deny_offset is used to specify when the server stops accepting new connections, the first two are hours, the last two are minutes; disconnect_offset specifies The time when the existing connection is disconnected, the format is the same as above; text specifies a system shutdown warning that will be displayed to the user.

(11) chmod
This command determines whether the user can change the permissions of the files on the server. The format is:
where the value of switch (yes or no) determines whether this feature is turned on, and the typelist specifies the type of user (anonymous, guest, or real) affected by this command.

(12) delete
This command tells the server whether the user can delete files located on the server through FTP. The format is:
The meaning of each item is the same as above.

(13) overwrite
This command determines whether an FTP user can perform an upload operation to replace an existing file on the server. The format is:
The meaning of each item is the same as above.

(14) rename
This command determines whether the FTP user can rename the file on the server. The format is:
The meaning of each item is the same as above.

(15) passwd-check
The passwd-check command can be used to determine how to request a string that is treated as an anonymous user's e-mail address. The format of this command is:
There are three values: none (do not check password), trivial (requires at least one @ symbol in the password) or rfc822 (requires e-mail address must comply with The RFC822 message header standard) has two values: warn (warn if the user does not provide a password as required by strichness, but allows the connection) and enforce ((If the user does not provide the password as requested by strichness, the connection is refused ).

Copyright © Windows knowledge All Rights Reserved